1. Technical Field
The present disclosure relates to a countermeasure method for protecting sensitive data circulating in an electronic component against attacks aiming to discover these data. It also relates to a portable device with a microcircuit such as a chip card, implementing the method.
2. Description of the Related Art
Sensitive data may notably be encryption or decryption keys, and more generally cryptographic data used or developed during cryptographic calculations, such as the intermediary data of such calculations, and identifiers which are desirable to be kept secret.
Microcircuit devices handling sensitive data are sometimes the object of attacks aiming to determine these data. Among the known types of attacks, attacks of the type SPA (Simple Power Analysis) or DPA (Differential Power Analysis) consist of measuring the currents and voltages going into and coming out of the microcircuit during its execution of a program, with the aim of determining the protected data treated or used by the microcircuit. With this same goal, attacks of the type EMA (Electromagnetic Analysis) are based upon the analysis of electromagnetic radiation emitted by the microcircuit.
Also known are fault injection attacks, which consist of introducing disruptions into the microcircuit while it is executing sensitive algorithms such as cryptographic algorithms, or with the aim of launching an uploading routine that emits, upon one of the ports, data that is memorized. Such a disruption may be done by applying to the microcircuit, on one of its contacts, one or more brief lightings or voltage peaks.
In order to fight against such varied attacks, numerous solutions of different types have been developed. The disclosure relates in particular to those which aim to protect data while they are circulating in a microcircuit.
To this effect, it is known to encrypt each sensitive data at the output of a memory or register or before it is transmitted on a data bus, and to decrypt the data at the input of a memory or register or when it arrives at its destination. It turns out that this solution only provides a partial protection of transmitted data, given that between the output of the decryption mechanism and the input of the memory or register, the data circulate in circuits such as logical gates and multiplexers that produce a signature that is visible to EMA or SPA type attacks. A writing operation in the memory or the register may also emit a signature.
It is also known to precharge a register that is to receive a sensitive data with a randomly generated data in order to change the state of certain memory cells, and thus to modify the signature emitted during the writing in the register. This solution has the inconvenience of necessitating a supplementary instruction in order to perform the precharge.